X-Industry

Supply chain networks have for some time been driven by technology over the years and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to p

“No entiendo como se comprometió España.”  Responder en Inglés, “well my friends, no one is immune to cyber-attacks - no one.”  Spain’s State Public Employment Service (SEPE), which coordinates unemployment benefits and ERTE throughout Spain, has been the victim of a cyberattack that has crippled its electronic and face-to-face appointment-setting services and other procedures.[1]  A government Spanish spokesman said, “At the moment it is not possible to access the website”, with the Central Tra

A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have recently found.  The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as

Ransomware was one of the most observed cyber threats this year to date. Ryuk and Sodinokibi, were the most observed villains in Red Sky Alliance’s client investigations, have been joined by Maze as the top three ransomware variants so far in 2020.  After launching several high-profile attacks earlier in 2020, the actors behind Ryuk ransomware seem to have gone on a vacation near the end of Q2. According to cyber threat analysts, Crimeware and their developers often have periods where they go do

American toy manufacturing giant Mattel this week revealed that it fell victim to a ransomware attack that impacted some of its operations.  Founded in 1945 and headquartered in El Segundo, California, Mattel is one of the largest toy sellers in terms of revenue, with its operations divided into three segments, namely North America, International, and American Girl.  Mattel sells products such as Barbie, Fisher-Price, Monster High, American Girl, Polly Pocket, and Hot Wheels in 150 countries, an

Activity Summary - Week Ending 6 November 2020:

• Red Sky Alliance observed 60 unique email accounts compromised with Keyloggers
• A University of Albert professor may be Keylogged
• Analysts identified 44,623 connections from new unique IP addresses
• Collection identified 3,097 new IP addresses participating in various Botnets
• Ryuk Evolving Its Encryption and Evasion TTPs
• GravityRAT
• Eastern European cybercriminal group Attacking Health Care Services
• FBI warns of an "imminent" increase in Ransomware a

The Ryuk threat actors have struck again, moving from sending a phishing email to complete encryption across the victim’s network in just five hours. That breakneck speed is partially the result of the gang using the Zerologon privilege-escalation bug (CVE-2020-1472) less than two hours after the initial phish.

The Zerologon vulnerability allows an unauthenticated attacker with network access to a domain controller to completely compromise all Active Directory identity services, according to Mic

US Cyber Command, Microsoft, and Europol are attacking Trickbot's malicious infrastructure, ahead of the elections. It won't stop hackers from adapting but is expected to create breathing space during the elections. Check out these slides if you missed the webinar on October 21, 2020 to find out more:

View Webinar

Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet to help protect the November 3^rd US Presidential election and stop the global spread of ransomware and other malware. The botnet has been used to distribute a variety of malicious code, including the Ryuk ransomware variant, which the US government has cited as a potential threat vector against the election. 

Microsoft obtained a court order from the US District Court, East

The current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy.  Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’  The plan involves a re-examination of the national approach to information sharing and better emphasizing the use of operational technologies in ports. 

Hackers at all tier levels have long targeted shipping fir

On June 23, 2020, the US Federal Bureau of Investigation sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, especially about ransomware gangs that abuse remote desktop connections to break into school systems.

The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic targe

The City of Durham, North Carolina has shut down its network after suffering a cyberattack by the Ryuk Ransomware on 07 March 2020.  Local media reports that the city fell victim to a phishing attack that ultimately led to the deployment of the Ryuk Ransomware on their systems.  Ryuk was developed by a Russian hacker group and finds its way into a network once someone opens a malicious email attachment. Once deployed, Ryuk can spread across network servers through file shares to individual compu

https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/

Our UK partners have share an important report on Ryuk Malware.

Ryuk was first seen in August 2018 and has been responsible for multiple attacks globally. Ryuk is a targeted ransomware where demands are set according to the victim’s perceived ability to pay.

The Ryuk ransomware is often not observed until a period of time after the initial infection – ranging from days to months – which allows the actor time to carry out re